"Unable to extract the setup contents."

Hi everybody!

I am using a Dell Studio 1555 that has Windows 7 and is an x64 system. It had recently gotten a virus and deleted the antivirus program I had on the computer. I downloaded SUPERAntiSpyware onto a jumpdrive and ran it on the computer. It detected a few problems and I fixed them. I did not save the log of what it found though, sorry about that. I thought the problem was fixed so I went to reinstall AVG antivirus. However, when it finished downloading and I clicked on it to start the install, I get this message:

"Unable to extract the setup contents. If you want to continue the setup or update process, make sure you have the Administrator rights. (can not create temp folder archive)"

I don't know what to do after this, the account I am on is set as Administrator. I have CCleaner, and I ran that, thinking the amount of stuff in the Downloads file (well over 1 GB) might have prevented it from opening, but with no luck. I have also tried right-clicking the file and selecting "Run as Administrator", and that did not work.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:35:27 PM, on 5/17/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe
C:\QUICKENW\QWDLLS.EXE
C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kara\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [StockTicker] C:\Program Files (x86)\Free Desktop Tools\StockTicker\StockTicker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 16738 bytes

dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Kara at 14:38:58 on 2013-05-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2314 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\QUICKENW\QWDLLS.EXE
C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.coupons.com/
mStart Page = hxxp://search.coupons.com/
uProxyOverride = <local>;*.local;127.0.0.1:9421;
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
EB: <No Name>: {cccc7d2d-9a4c-4c9a-9bd4-cc4815b28ccc} - LocalServer32 - <no file>
uRun: [Akamai NetSession Interface] "C:\Users\Kara\AppData\Local\Akamai\netsession_win.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [StockTicker] C:\Program Files (x86)\Free Desktop Tools\StockTicker\StockTicker.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BILLMI~1.LNK - C:\QUICKENW\BILLMIND.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKE~1.LNK - C:\QUICKENW\QWDLLS.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 206.126.208.35 206.126.209.162 206.126.209.78
TCP: Interfaces\{00E8F8CC-3BDD-4EC2-B1CD-E1EE1BF075C0} : DHCPNameServer = 206.126.208.35 206.126.209.162 206.126.209.78
TCP: Interfaces\{51791D77-0F5A-4FB5-9F7E-ABF09F7F22BE} : DHCPNameServer = 206.126.208.35 206.126.209.162 206.126.209.78
TCP: Interfaces\{51791D77-0F5A-4FB5-9F7E-ABF09F7F22BE}\8686F6E6F62737 : DHCPNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{51791D77-0F5A-4FB5-9F7E-ABF09F7F22BE}\C4579676963777962756C6563737 : DHCPNameServer = 206.126.208.35 206.126.209.162 206.126.209.78
TCP: Interfaces\{51791D77-0F5A-4FB5-9F7E-ABF09F7F22BE}\C696E6B6379737 : DHCPNameServer = 206.126.208.35 206.126.209.162 206.126.209.78
TCP: Interfaces\{51791D77-0F5A-4FB5-9F7E-ABF09F7F22BE}\C696E6B6379737F5F475F52363733303 : DHCPNameServer = 206.126.208.35 206.126.209.162 206.126.209.78
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kara\AppData\Roaming\Mozilla\Firefox\Profiles\rj1rx0i2.default\
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-29 55280]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-4-7 64272]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-9-25 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-9-25 61712]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2009-7-1 45224]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-1-12 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-12 68928]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-11-21 794272]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-29 656624]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-29 172704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-10-30 138752]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-10-30 5435904]
S1 SASDIFSV;SASDIFSV;E:\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-12-19 29184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-3 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADLTScriptFile="C:\Windows\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-17 03:01:04 -------- d-----w- C:\Users\Kara\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 03:01:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 01:40:46 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5673C00-FBC5-4BE4-A38F-252AC73DDEA4}\mpengine.dll
2013-04-23 21:52:18 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-14 22:36:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 22:36:56 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-01 03:36:31 749487 ----a-w- C:\ProgramData\SPLBDDC.tmp
2013-03-31 20:34:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-03-31 20:34:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-03-19 06:19:35 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:06:09 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-07 15:00:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 15:00:10 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 15:00:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:32:29 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-16 21:12:42 3623592 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 21:12:04 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
2010-01-26 17:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 14:39:46.14 ===============

attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2009 3:25:46 PM
System Uptime: 5/17/2013 1:32:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0D176M
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 369.359 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
==== System Restore Points ===================
.
RP851: 5/16/2013 9:13:54 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Age of Empires III
AGEIA PhysX v2.6.0
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AutoCAD LT 2004
Autodesk Express Viewer
Banctec Service Agreement
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
DAO 3.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell V310-V510 Series
Dell Webcam Central
Diablo II
EZ Vinyl/Tape Converter 7.4 by MixMeister
Facebook Messenger 2.1.4631.0
Facebook Video Calling 1.2.0.159
Fallout
GCalc 3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
iCloud
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
iTunes
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
jZip
Kobo
Live! Cam Avatar Creator
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
Nitro PDF Professional
PC Tools Registry Mechanic 11.1
PowerDVD DX
PowerTeacher Gradebook
Quicken Deluxe 2000
Quickset64
QuickTime
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealUpgrade 1.1
Roxio Burn
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.1
Spybot - Search & Destroy
StockTicker
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VDownloader 3.6.943
Veoh Web Player
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
Widevine Media Transformer Chrome 5.0.0
Widevine Media Transformer Plugin 5.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.1
Wondershare PDF Converter (Build 2.6.0)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/17/2013 6:57:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/17/2013 6:57:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
5/17/2013 1:28:11 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
5/17/2013 1:28:08 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
5/17/2013 1:27:33 AM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: This driver has been blocked from loading
5/17/2013 1:27:33 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/16/2013 11:56:48 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
5/16/2013 11:29:26 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the file specified.
5/15/2013 4:50:02 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
5/15/2013 3:25:13 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================

ark.txt file (I did a C:\ scan, not the quick scan):

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-17 15:30:52
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-75ZAT0 rev.01.01A01 465.76GB
Running: lx0qgu3p.exe; Driver: C:\Users\Kara\AppData\Local\Temp\pxldqpow.sys

---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077c10028 5 bytes JMP 0000000100414dc0
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076b62c91 4 bytes CALL 71aa0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000759f6737 5 bytes JMP 0000000171a40022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075a07133 5 bytes JMP 0000000171ad0022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768a1465 2 bytes [8A, 76]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768a14bb 2 bytes [8A, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768a1465 2 bytes [8A, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768a14bb 2 bytes [8A, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4048] entry point in ".rdata" section 00000000722071e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c1f941 7 bytes {MOV EDX, 0xc85228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c1fb85 7 bytes {MOV EDX, 0xc85268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c1fbb5 7 bytes {MOV EDX, 0xc851a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c1fbcd 7 bytes {MOV EDX, 0xc85128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c1fbe5 7 bytes {MOV EDX, 0xc85328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c1fc15 7 bytes {MOV EDX, 0xc85368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c1fc95 7 bytes {MOV EDX, 0xc852e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c1fcad 7 bytes {MOV EDX, 0xc852a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c1fcf9 7 bytes {MOV EDX, 0xc85068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c1fdf1 7 bytes {MOV EDX, 0xc850a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c20049 7 bytes {MOV EDX, 0xc85028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c21055 7 bytes {MOV EDX, 0xc851e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c210cd 7 bytes {MOV EDX, 0xc85168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c212d1 7 bytes {MOV EDX, 0xc850e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768a1465 2 bytes [8A, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768a14bb 2 bytes [8A, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c1f941 7 bytes {MOV EDX, 0x8b1e28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c1fb85 7 bytes {MOV EDX, 0x8b1e68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c1fbb5 7 bytes {MOV EDX, 0x8b1da8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c1fbcd 7 bytes {MOV EDX, 0x8b1d28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c1fbe5 7 bytes {MOV EDX, 0x8b1f28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c1fc15 7 bytes {MOV EDX, 0x8b1f68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c1fc95 7 bytes {MOV EDX, 0x8b1ee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c1fcad 7 bytes {MOV EDX, 0x8b1ea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c1fcf9 7 bytes {MOV EDX, 0x8b1c68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c1fdf1 7 bytes {MOV EDX, 0x8b1ca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c20049 7 bytes {MOV EDX, 0x8b1c28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077c21055 7 bytes {MOV EDX, 0x8b1de8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077c210cd 7 bytes {MOV EDX, 0x8b1d68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077c212d1 7 bytes {MOV EDX, 0x8b1ce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768a1465 2 bytes [8A, 76]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768a14bb 2 bytes [8A, 76]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077c1f941 7 bytes {MOV EDX, 0xb0f628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077c1fb85 7 bytes {MOV EDX, 0xb0f668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077c1fbb5 7 bytes {MOV EDX, 0xb0f5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077c1fbcd 7 bytes {MOV EDX, 0xb0f528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077c1fbe5 7 bytes {MOV EDX, 0xb0f728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077c1fc15 7 bytes {MOV EDX, 0xb0f768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077c1fc95 7 bytes {MOV EDX, 0xb0f6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077c1fcad 7 bytes {MOV EDX, 0xb0f6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077c1fcf9 7 bytes {MOV EDX, 0xb0f468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077c1fdf1 7 bytes {MOV EDX, 0xb0f4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077c20049 7 bytes {MOV EDX, 0xb0f428; JMP RDX}
---- User IAT/EAT - GMER 2.1 ----
---- Threads - GMER 2.1 ----
Thread C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe [2752:2532] 000000007388b684
Thread C:\Windows\System32\svchost.exe [792:2712] 000007fef3be9688
---- EOF - GMER 2.1 ----

Any help from all of you would be much appreciated!
MilwaukeeCop
